This is a repeat of a post from last August. Because trackbacks and comments didn't survive the port to MT 3.2, I've been asked by the company to re-post it as an FYI for their user community.
As any Neal Stephenson
fan knows, it's an arms race between the encryptors and the decryptors. Still, this
looks like the kind of thing that any aspiring terrorist operative - or Chinese protest organizer
- would want to have.
Stealthsurfer II is a little USB device that looks like one of those Jumpdrives, but acts as a shunt for all your Internet traffic. Even browsers with very small caches still write to disk, and those files are more or less permanent. Arthur Anderson should also have taken hammer to all of their Enron hard drives. The Stealthsurfer intercepts email, web browsing, and FTP traffic, and encrypts it using ES3. It's apparently versatile and easy to use.
Why would this be useful? Well, think of the number of intelligence coups we've had when we caught al-Qaeda guys parading around with their laptops. Using the Stealthsurfer, much of this content would never have hit the hard drive. Captured, they could either impersonate drug mule or just toss the little capsule away. Someone could use the Net for operational traffic, and if they weren't under surveillance, searching their laptop wouldn't do intelligence agents or federal prosecutors any good.
Another feature lets you spoof your IP address, making it seem as though your traffic is originating from a computer thousands of miles away. Handy little tool for the terrorist on the go.
It appears that the service reroutes your traffic through their servers, 128-bit encrypted, so the host website your accessing thinks that Anonymizer is the client. Anonymizer claims to cooperate with law enforcement, but if the transmitted information is already encrypted or hidden, they might never know their service was being used this way. And since they also claim they don't keep any of the traffic, the trail might well stop at their servers.
Now the tool does have limitations. Chinese dissidents or protest organizers wouldn't exactly be able to parade into an Internet cafe and cover their tracks. There's a login screen, a popup window, and some other give-aways. Also, the ChiComs are in the nasty little habit of blocking internet sites and monitoring traffic, so this kind of thing is likely to attract the attention of that little white van parked across the street.
So, take an electronic one-time pad that tell me where to look for my next instructions, a host site that has nothing but an innocuous-looking JPEG with the instructions embedded in it, a hand-held GPS for setting up remote drops and meetings. Add plausible deniability to my laptop and even my physical location, and I'd say we've got a little problem here, 99.